About the security content of Apple TV 4.2

This document describes the security content of Apple TV 4.2.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

Apple TV 4.2

&NewLine;

&NewLine;

Apple TV

&NewLine;

Available for: Apple TV 4.0 and 4.1

&NewLine;

Impact: Multiple vulnerabilities in FreeType

&NewLine;

Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/

&NewLine;

CVE-ID

&NewLine;

CVE-2010-3855

&NewLine;

&NewLine;

&NewLine;

&NewLine;

Apple TV

&NewLine;

Available for: Apple TV 4.0 and 4.1

&NewLine;

Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

&NewLine;

Description: A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

&NewLine;

CVE-ID

&NewLine;

CVE-2011-0191 : Apple

&NewLine;

&NewLine;

&NewLine;

&NewLine;

Apple TV

&NewLine;

Available for: Apple TV 4.0 and 4.1

&NewLine;

Impact: Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution

&NewLine;

Description: A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

&NewLine;

CVE-ID

&NewLine;

CVE-2011-0192 : Apple

&NewLine;

&NewLine;

&NewLine;

&NewLine;

Apple TV

&NewLine;

Available for: Apple TV 4.0 and 4.1

&NewLine;

Impact: A server may be able to identify a device across connections

&NewLine;

Description: The IPv6 address chosen by the device contains the device's MAC address when using stateless address autoconfiguration &lpar;SLAAC&rpar;. An IPv6 enabled server contacted by the device can use the address to track the device across connections. This update implements the IPv6 extension described in RFC 3041 by adding a temporary random address used for outgoing connections.

&NewLine;

&NewLine;

&NewLine;

&NewLine;

Apple TV

&NewLine;

Available for: Apple TV 4.0 and 4.1

&NewLine;

Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset

&NewLine;

Description: A bounds checking issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset.

&NewLine;

CVE-ID

&NewLine;

CVE-2011-0162 : Scott Boyd of ePlus Technology, inc.

&NewLine;

&NewLine;

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.